HKMA Studies Adoption of Artificial Intelligence in Banking Sector

The report provides useful insights about the risk management framework for banks adopting artificial intelligence, the overarching principles guiding the supervision of artificial intelligence adoption in banking, and the development of regtech and suptech. One of the insights is that a broader use of artificial intelligence will not only create new opportunities, but also pose new risks and challenges to banks, including the lack of quality data and data protection, and difficulty in explaining and validating artificial intelligence models. Overall, the report highlights the opportunities and challenges from broader use of the technology by bank, examines the challenges faced by regulators in supervising the use of artificial intelligence, and discusses the potential of regtech and suptech to change the landscape of compliance and banking supervision.  Banks have expanded the use of regtech in data submission, regulatory reporting, and fraud detection while regulators have used suptech to gain direct access to bank data through API, extracting new insights from various types of data.

The report sets out that the stance of HKMA on the use of technology by banks is based on the principles of technology neutrality and risk-based supervision. The risk-based approach to supervision suggests that the regulator will focus on potential risks arising from the use of technologies when framing regulatory requirements. Hence, banks using more complex forms of artificial intelligence applications with greater customer impact would be scrutinized more closely than banks using simpler versions of artificial intelligence. So far, bank regulators worldwide have generally adopted the strategy of setting out guiding principles to promote a sound, fair, ethical, and transparent use of artificial intelligence technologies. In line with this practice, HKMA has implemented three sets of supervisory guidelines or initiatives to govern the prudent use of data analytics and artificial intelligence models and to strengthen the resilience of cyber-security systems.

The report argues that policy initiatives in facilitating the use of artificial intelligence in compliance and supervision can benefit both banks and regulators. In terms of regtech and suptech initiatives, the report establishes that compliance reporting functions can be enhanced by common reporting taxonomy, shared data repository, and the use of APIs by regulators to "read" the data directly from banks’ own systems. Natural language processing offers new ways to monitor banks’ sentiment and identify inconsistencies between banks’ internal management information and published versions.  To achieve greater synergies from using regtech and suptech, banks and regulators may work together to explore the best use of artificial intelligence in compliance and supervision, such as introducing machine-readable regulations and enhancement of data infrastructure. Regulators can use suptech to improve data collection such as  reporting, data management, and through virtual assistance. Through the use of data analytic tools, regulators can obtain more insights by extracting information from various types of data for purposes of market surveillance, misconduct analysis, and micro- and macro-prudential supervision. The report also concludes that policy initiatives in strengthening public-private cooperation can help to promote knowledge exchange and experience-sharing. 

Keywords: Asia Pacific, Hong Kong, Banking, Artificial Intelligence, Regtech, Suptech, Cyber Risk, Reporting, Machine-Readable Regulations, HKMA